D' Technology Weblog » WordPress

Google notify new ‘WordPress, CMSs, forum/bulletin-board applications, plugings’ version via Webmaster Tools

DG — Fri, 20 Nov 2009 22:43:12 +0000

Until now, Google notified webmasters about their potentially hackable websites; Now, they’re expanding to cover other types of web applications for e.g., more content management systems (CMSs), forum/bulletin-board applications, stat-trackers, and so on, with a goal ‘not just to isolate vulnerable or hackable software packages,’ but to also ‘notify webmasters about newer versions of software packages or plugins they're running on their website’ via a message in Webmaster Tools. Google identify sites to notify by parsing source code of crawled web pages for included meta tag that specifies version number. “There’s divided opinions about including a version number in source code, because it lets hackers or worm writers know that website might be vulnerable to a exploit. But Matt Mullenweg pointed out, "Where [a worm writer's] 1.0 might have checked for version numbers, 2.0 just tests [a website's] capabilities...". Meanwhile, the advantage of a version number’s that it can help alert site owners when they need to update their site. So, including a version number can do more good than harm,” Google.

WordPress won 2009 Open Source CMS Award

DG — Thu, 19 Nov 2009 14:27:42 +0000

WordPress has won Overall Best Open Source CMS Award in 2009 Open Source CMS Awards. While WordPress occupied top spot in Overall Award, other two extremely popular finalists MODx and SilverStripe tied for first runner up position. After Pixie and Pligg sharing a similar result for Most Promising CMS category, this’s the second time the combined opinion of judges and public was evenly divided for two CMSes, awarding each of them a first runner up spot. “In addition to winning in Overall Award, WordPress was named first runner-up in the Best Open Source PHP CMS category. This’s significant because we weren’t even in the top 5 last year, and now we’re #2, ahead of Joomla! As is stated on the Award site, “WordPress made its way into the top five for the first time. The fact that it was outranked by Drupal by a very slight margin indicates how popular it has become with users as well as developers over the past year,” Matt Mullenweg.

WordPress 2.8.6 Security Release

DG — Fri, 13 Nov 2009 15:33:49 +0000

WordPress 2.8.6 fixes two security problems 'an XSS vulnerability in Press and an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations' that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

WPPlugis: The WordPress App Store for premium plugins

DG — Thu, 12 Nov 2009 23:19:53 +0000

WP Plugins, The App Store for WordPress, is aimed at improving the quality, support for and standard of WordPress premium plugins. If you’re looking for a plugin, you’ll be happy to know that the team assess, check and scrutinise every plugin on site to ensure they’re of highest quality. WordPress plugin developers can upload their premium plugins to WP Plugins and sell them to users at their desired price. They can choose between two pricing models: offer their plugin as-is (buyers’ll have a 7 day window to download it) or offer it as a subscription, which includes upgrades and personal support from plugin’s developer for as long as you continue subscription.

More info: WPPlugins

Gumblar Botnet crashes WordPress and other complex PHP sites

DG — Thu, 05 Nov 2009 21:48:56 +0000

Tens of thousands of web sites / blogs, running WordPress blogging software, have been broken, returning a "fatal error" message in recent weeks. According to security experts those messages are actually generated by some buggy malicious code sneaked onto them by Gumblar botnet's authors, who’ve apparently made some changes to their web code without doing proper testing, and as a result "the current version of Gumbar effectively breaks just not only WordPress blogs," but "Any PHP site with complex file architecture can be affected," wrote Sinegubko describing the issue. Crashed WordPress display following error message: Fatal error: Cannot redeclare xfm() (previously declared in /path/to/site/index.php(1) : eval()'d code:1) in /path/to/site/wp-config.php(1) : eval()'d code on line 1 . Other sites running software such as Joomla get different fatal-error messages. Gumblar installs its buggy code by first running on desktop and stealing FTP credentials from its victims and then using those credentials to place malware on website. WordPresser can use WordPress Exploit Scanner plugin to scan WordPress files and database for signs of suspicious activity. Or read ‘how to find backdoor scripts (both in files and in database) in hacked WordPress blogs’.

WordPress Page Navigation Plugins

DG — Sat, 24 Oct 2009 21:22:54 +0000

This post share the best paging navigation plugin for WordPress that’ll be an alternative to the ”Next page” and ”Previous page” WordPress functions. First, I’ll like to mention the plugin that I’ve used for past many years:

1. Pagebar adds a nice page bar to your blog posts, multipaged posts and paged comments. The basic pagebar for your blog posts, search results and archive pages can be added automagically or manually to your site. You can choose to put it above your posts, below your posts or in the footer. This plugin has more functionality then others.

More info: Download

2. WP-PageNavi from Lester Chan (or GaMerZ) adds a advanced paging navigation on WordPress homepage. Though it doesn’t comes with ready to use themes, but you can customize the CSS as per your need. You can see it on our homepage ‘diTii.com’.

More info: Download

3. WP Page Numbers, similiar to other plugin adds a advanced paging navigation on WordPress homepage. And also comes with five ready to use themes, in addition to customization.

More info: Download

4. SEO Pagebar helps you to show not only pages navigation, but you can also additionally show title tags and category names near the SEO Pagebar so that your visitors always know where they currently are.

More info: Download

Hardening WordPress with 2.8.5 Security Release

DG — Wed, 21 Oct 2009 16:20:47 +0000

WordPress 2.8.5 is a security release that brings a number of security hardening changes: • fix for Trackback Denial-of-Service attack • removal of areas within code where php code in variables was evaluated • switched file upload functionality to be whitelisted for all users including Admins • retiring of two importers of Tag data from old plugins. Its recommended that all sites are upgraded to this version of WordPress to ensure that you’ve the best available protection.

Windows Live Writer plugins for WordPress

DG — Wed, 21 Oct 2009 13:31:44 +0000

In preparation for WordCamp Seattle, Windows Live Writer developer Brandon Turner created three new plugins to work with WordPress blogs:

First plugin lets you easily change title & tagline of a blog. It integrates with Twitter so you can use your current Twitter status as blog’s tagline. Only status messages that’re not @replies or those that contain links’ll be used.
Second is designed to help manage blog comments from within Windows Live Writer. Comments’re categorized as “New,” “Approved,” and “Spam.” You can also click to view blog post in case you want to respond to commenter on your site.
Final plugin lets you add custom fields to your blog. After initial setup, dialog box’ll show custom fields across top as links you can click on. From that point forward, every time you publish via WLW, you can select from available custom fields and include them in your blog post.

More info: Download

WordPress for Windows Home Server add-in coming soon!

DG — Thu, 01 Oct 2009 10:53:59 +0000

WordPress, a popular blogging/content management system application which powers thousands of blogs around the world, including diTii.com is just a click thing to install. But installation on Windows Home Server is complicated however, requiring the installation of PHP, MySQL, configuration of the remote website and then the installation and configuration of WordPress itself. To ease out WHS user, Cougar is about to release the beta version of a WHS WordPress implementation plugin to help WHS owners to create and publish their own blogs online, all hosted on their home server.

More info: WordPress for Windows Home Server

WordPress acquires After the Deadline (AtD) Spellchecker

DG — Wed, 09 Sep 2009 14:45:54 +0000

If you’re running a WordPress.com or WordPress.org based blog, can now have a integrated spellchecker; as Automattic has acquired “After The Deadline” – you can enable it in the Wordpress visual editor by clicking the ABC button with the green checkmark (WordPress.org get plugin here). After the Deadline’ll analyze your post as you write it and highlight potential errors with an underline (red for spelling, green for grammar, blue for style), similar to grammar and spell checkers in word processing software. Clicking on a highlighted word or phrase’ll reveal the suggested correction, tell you why it’s suspected to be an error, and allow you to accept or ignore it.